Ransomware Attack Hits Hanover Hill Health Care Center
Ransomware Attack on Hanover Hill Health Care Center by BlackSuit Group
Overview of Hanover Hill Health Care Center
Hanover Hill Health Care Center, located in Manchester, New Hampshire, is a comprehensive skilled nursing and rehabilitation facility. Established in 1970, the center operates a 124-bed residence offering sub-acute rehabilitation, nursing care, intermediate long-term care, and a specialized memory care unit. The facility is known for its high standard of care, certified by Medicare and Medicaid, and accredited by the Joint Commission on Accreditation of Healthcare Organizations (JCAHO). Hanover Hill employs between 51 to 200 staff members and generates an estimated annual revenue between $5 million and $25 million.
Details of the Ransomware Attack
On July 31, Hanover Hill Health Care Center reported a ransomware attack by the BlackSuit group. The attack, discovered on July 16, compromised sensitive personal information stored on both the onsite server and its backup systems. The breached data includes names, Social Security numbers, dates of birth, addresses, and medical information related to Medicaid and Medicare applications. Daily resident care records stored on a cloud-based platform remained unaffected.
Facility administrator Lori McIntire confirmed that local, state, and federal authorities were notified, and legal and cybersecurity experts were consulted to mitigate the impact. The extent of the attack and whether a ransom was paid have not been disclosed. The facility advises affected individuals to enroll in identity theft monitoring services.
About BlackSuit Ransomware Group
BlackSuit is a new ransomware family that emerged in 2023, closely related to the notorious Royal ransomware group. It targets both Windows and Linux systems, including VMware ESXi servers. BlackSuit appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victim communication.
Researchers have found significant similarities between BlackSuit and Royal ransomware, suggesting that BlackSuit may be a new variant developed by the same authors, a copycat, or an affiliate of the Royal ransomware gang. The high degree of similarity in code and functionality indicates a strong connection between the two ransomware families.
Potential Vulnerabilities and Penetration
The ransomware infiltrated both the onsite server and its backup systems at Hanover Hill, indicating potential vulnerabilities in their data security infrastructure. The attack highlights the importance of robust cybersecurity measures, especially for healthcare facilities that handle sensitive personal and medical information. The exact method of penetration remains unclear, but it underscores the need for continuous monitoring and updating of security protocols to defend against sophisticated ransomware attacks.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!